{"id":34868,"date":"2025-12-04T07:25:36","date_gmt":"2025-12-04T07:25:36","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=32867"},"modified":"2026-04-17T18:07:34","modified_gmt":"2026-04-17T18:07:34","slug":"react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/","title":{"rendered":"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of React\/Next.js (CVE-2025-55182\/CVE-2025-66478); Because React Server Components are insecurely deserialized when processing HTTP requests, an unauthenticated attacker can call the Node.js built-in module by constructing a specially crafted form to execute arbitrary code on the target server. Since the App Router used by Next.js embeds the DOM package of React, Therefore, it is also affected by this vulnerability. The CVSS score is 10.0. At present, the vulnerability details and PoC have been made public. Relevant users are requested to take measures to protect themselves as soon as possible.<\/p>\n\n\n\n<p>Reference links:<\/p>\n\n\n\n<p><a href=\"https:\/\/nextjs.org\/blog\/CVE-2025-66478\">https:\/\/nextjs.org\/blog\/CVE-2025-66478<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components\">https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Scope of Impact<\/h2>\n\n\n\n<p><strong>Affected versions<\/strong><a><\/a><a><strong><\/strong><\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>React Server = 19.0<\/li>\n\n\n\n<li>React Server = 19.1.0<\/li>\n\n\n\n<li>React Server = 19.1.1<\/li>\n\n\n\n<li>React Server = 19.2.0 <\/li>\n\n\n\n<li>14.3.0-canary.77 &lt;= Next.js &lt;= 15.0.4<\/li>\n\n\n\n<li>15.1.0 &lt;= Next.js &lt;= 15.1.8<\/li>\n\n\n\n<li>15.2.0 &lt;= Next.js &lt;= 15.5.6<\/li>\n\n\n\n<li>16.0.0 &lt;= Next.js &lt;= 16.0.6<\/li>\n\n\n\n<li>Dify &lt;= 1.10.1<\/li>\n\n\n\n<li>NextChat<\/li>\n<\/ul>\n\n\n\n<p>Note: including react-server-dom-webpack\/react-server-dom-parcel\/react-server-dom-turbopack<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>15.0.0&nbsp;&lt;=&nbsp;Next.js&nbsp;&lt;=&nbsp;15.0.4<\/li>\n\n\n\n<li>15.1.0&nbsp;&lt;=&nbsp;Next.js&nbsp;&lt;=&nbsp;15.1.8<\/li>\n\n\n\n<li>15.2.0&nbsp;&lt;=&nbsp;Next.js&nbsp;&lt;=&nbsp;15.5.6<\/li>\n\n\n\n<li>16.0.0&nbsp;&lt;=&nbsp;Next.js&nbsp;&lt;=&nbsp;16.0.6<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;14.3.0-canary.77<\/li>\n<\/ul>\n\n\n\n<p>Note: Frameworks\/tools that rely on React, such as react-router, waku, @parcel\/rsc, @vitejs\/plugin-rsc, rwsdk and RedwoodJS (RSC mode), may also be affected.<\/p>\n\n\n\n<p><strong>Unaffected version<\/strong><strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>React&nbsp;Server&nbsp;=&nbsp;19.0.1<\/li>\n\n\n\n<li>React&nbsp;Server&nbsp;=&nbsp;19.1.2<\/li>\n\n\n\n<li>React&nbsp;Server&nbsp;=&nbsp;19.2.1<\/li>\n\n\n\n<li>Next.js&nbsp;=&nbsp;13.x<\/li>\n\n\n\n<li>Next.js&nbsp;&lt;=&nbsp;14.3.0-canary.76<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;15.0.5<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;15.1.9<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;15.2.6<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;15.3.6<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;15.4.8<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;15.5.7s<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;15.6.0-canary.58<\/li>\n\n\n\n<li>Next.js&nbsp;&gt;=&nbsp;16.0.7<\/li>\n\n\n\n<li>Dify&nbsp;&gt;=&nbsp;1.10.1-fix.1<\/li>\n<\/ul>\n\n\n\n<p>Note: Next.js applications that only use Client Components (Pages Router) and Edge Runtime are not affected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Detection<\/h2>\n\n\n\n<p><strong>Manual inspection<\/strong><\/p>\n\n\n\n<p>Relevant users can check whether the project uses React Server Component (RSC):<\/p>\n\n\n\n<p>1. Determine whether the application uses framework components such as next, Dify, react-router, waku, @parcel\/rsc, @vitejs\/plugin-rsc and rwsdk<\/p>\n\n\n\n<p>2. Check whether use server\/use client is used in the code<\/p>\n\n\n\n<p>If you are sure that React Server Component (RSC) is used, you can execute the following command to check whether the version is in the affected range:<\/p>\n\n\n\n<p class=\"has-cyan-bluish-gray-background-color has-background\">npm list react-server-dom-webpack react-server-dom-turbopack react-server-dom-parcel&Acirc;&nbsp;<\/p>\n\n\n\n<p><strong>Tool inspection<\/strong><\/p>\n\n\n\n<p>NSFOCUS Automated Penetration Testing Tool (EZ) has supported service identification and CVE-2025-55182\/CVE-2025-66478 vulnerability risk detection of frameworks such as Next.js and Dify, which can be scanned directly using the web module. (Note: For the enterprise version, please contact NSFOCUS sales staff to obtain it)<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2025\/12\/1210a.png\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2025\/12\/1210a.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-32915\" width=\"554\" height=\"170\"><\/a><\/figure>\n\n\n\n<p><strong>Product testing<\/strong><\/p>\n\n\n\n<p>NSFOCUS Remote Security Assessment System (RSAS), WEB Application Vulnerability Scanning System (WVSS) and Network Intrusion Detection System<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&nbsp;<\/td><td><strong>Upgrade package<\/strong> <strong>version No<\/strong><strong>.<\/strong><\/td><td><strong>Upgrade package download link<\/strong><\/td><\/tr><tr><td><strong>RSAS V6 System plug-in package<\/strong><\/td><td>V6.0R02F01.4307<\/td><td>https:\/\/update.nsfocus.com\/update\/listRsasDetail\/v\/vulsys<\/td><\/tr><tr><td><strong>RSAS&nbsp;V6&nbsp;Web Plugin package<\/strong><\/td><td>V6.0R02F00.3807<\/td><td>https:\/\/update.nsfocus.com\/update\/listRsasDetail\/v\/vulweb<\/td><\/tr><tr><td><strong>WVSS V6 Plug-in upgrade package<\/strong><\/td><td>V6.0R03F00.389<\/td><td>https:\/\/update.nsfocus.com\/update\/listWvssDetail\/v\/6\/t\/plg<\/td><\/tr><tr><td><strong>IDS<\/strong><\/td><td>5.6.11.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listNewidsDetail\/v\/rule5.6.10<\/td><\/tr><tr><td><strong>IDS<\/strong><\/td><td>5.6.10.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listNewidsDetail\/v\/rule5.6.11<\/td><\/tr><tr><td><strong>IDS<\/strong><\/td><td>2.0.0.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listNewidsDetail\/v\/rule5.6.11_v2<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Risk Investigation of Exposure Surface<\/h2>\n\n\n\n<p><strong>Cloud detection<\/strong><\/p>\n\n\n\n<p>NSFOCUS External Attack Surface Management Service (EASM) supports Internet asset troubleshooting of CVE-2025-55182\/CVE-2025-66478 vulnerability risks. It has helped service customer groups complete exposure surface troubleshooting and conduct timely vulnerability warnings and closed-loop disposal before threats occur. Interested customers can arrange detailed consultation and communication by contacting their local regional colleagues at NSFOCUS or sending an email to rs@nsfocus.com.<\/p>\n\n\n\n<p><strong>Local investigation<\/strong><\/p>\n\n\n\n<p>NSFOCUS CTEM solution can actively and passively discover and troubleshoot React-related assets and CVE-2025-55182\/CVE-2025-66478 vulnerability risks:<\/p>\n\n\n\n<p>Users use the external attack surface discovery function to synchronize CVE-2025-55182\/CVE-2025-66478 vulnerability clues to the cloud, and obtain the affected assets of the target unit through asset mapping.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Mitigation<\/h2>\n\n\n\n<p><strong>Official upgrade<\/strong><\/p>\n\n\n\n<p>At present, the official has released a new version to fix the above vulnerabilities. Affected users are requested to upgrade the version as soon as possible for protection. <\/p>\n\n\n\n<p>Download links:<\/p>\n\n\n\n<p>React: https:\/\/github.com\/facebook\/react\/releases<\/p>\n\n\n\n<p>Next.js: https:\/\/github.com\/vercel\/next.js\/tags<\/p>\n\n\n\n<p>Dify: https:\/\/github.com\/langgenius\/dify\/releases<\/p>\n\n\n\n<p><strong>Product mitigation<\/strong><\/p>\n\n\n\n<p>In response to the above vulnerabilities, NSFOCUS WEB Application Protection System (WAF), NSFOCUS Network Intrusion Prevention System (IPS), NSFOCUS Integrated Threat Probe (UTS), NSFOCUS Security Management Platform (ESP-H) and NSFOCUS Intelligent Security Operation Platform (ISOP) have released rule upgrade packages. Relevant users are requested to upgrade the rule packages to the latest version to form security product protection capabilities.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th>Products<\/th><th>Upgrade package version No.<\/th><th>Upgrade package download link<\/th><th>Rule No.<\/th><\/tr><\/thead><tbody><tr><td>WAF<\/td><td>6.0.8.1.72517<\/td><td>https:\/\/update.nsfocus.com\/update\/listWafV68Detail\/v\/rule<\/td><td>[27007078]<\/td><\/tr><tr><td>&nbsp;<\/td><td>6.0.7.3.72517<\/td><td>https:\/\/update.nsfocus.com\/update\/listWafV67Detail\/v\/rule6070<\/td><td>&nbsp;<\/td><\/tr><tr><td>&nbsp;<\/td><td>6.0.7.0.72517<\/td><td>https:\/\/update.nsfocus.com\/update\/listWafSpecialDetail\/v\/all<\/td><td>&nbsp;<\/td><\/tr><tr><td>IPS<\/td><td>5.6.11.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listNewipsDetail\/v\/rule5.6.11<\/td><td>[29515]<\/td><\/tr><tr><td>&nbsp;<\/td><td>5.6.10.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listNewipsDetail\/v\/rule5.6.10<\/td><td>&nbsp;<\/td><\/tr><tr><td>&nbsp;<\/td><td>2.0.0.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listNewidsDetail\/v\/rule5.6.11_v2<\/td><td>&nbsp;<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listBsaUtsDetail\/v\/rule2.0.0<\/td><td>[29515]<\/td><\/tr><tr><td>&nbsp;<\/td><td>2.0.0.43026<\/td><td>https:\/\/update.nsfocus.com\/update\/listBsaUtsDetail\/v\/rule2.0.1<\/td><td>&nbsp;<\/td><\/tr><tr><td>ESP-H<\/td><td>1.0.0.1.2092890<\/td><td>https:\/\/update.nsfocus.com\/update\/listesphDetail\/v\/V3.0R01F00NG<\/td><td>[491417]<\/td><\/tr><tr><td>ISOP<\/td><td>1.0.0.1.2092890<\/td><td>https:\/\/update.nsfocus.com\/update\/listisopdetail\/v\/V3.0R01F00NG<\/td><td>[491417]<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Temporary protective measures<\/strong><\/p>\n\n\n\n<p>If the relevant users are temporarily unable to perform upgrade operations, temporary relief can be achieved through the following measures:<\/p>\n\n\n\n<p>1. Modify the configuration to disable the React Server Components function without affecting the business;<\/p>\n\n\n\n<p>2. Restrict access to Server Function endpoints.<\/p>\n\n\n\n<p>3. Use security devices to add custom rules for detection and interception.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Statement<\/h2>\n\n\n\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About NSFOCUS<\/h2>\n\n\n\n<p>NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.<\/p>\n\n\n\n<p>Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world&acirc;&euro;&trade;s top ten telecommunications companies.<\/p>\n\n\n\n<p>Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>Overview Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of React\/Next.js (CVE-2025-55182\/CVE-2025-66478); Because React Server Components are insecurely deserialized when processing HTTP requests, an unauthenticated attacker can call the Node.js built-in module by constructing a specially crafted form to execute arbitrary code on [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":28664,"comment_status":"open","ping_status":"open","sticky":false,"template":"post-templates\/single-layout-8.php","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[2077,2078,605,2079],"class_list":["post-34868","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response","tag-cve-2025-55182","tag-cve-2025-66478","tag-rce","tag-react"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-04T07:25:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png\" \/>\n<meta name=\"author\" content=\"NSFOCUS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSFOCUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/\"},\"author\":{\"name\":\"NSFOCUS\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"React\\\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\\\/CVE-2025-66478) Notice and Handling Manual\",\"datePublished\":\"2025-12-04T07:25:36+00:00\",\"dateModified\":\"2026-04-17T18:07:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/\"},\"wordCount\":1216,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/Critical.png\",\"keywords\":[\"CVE-2025-55182\",\"CVE-2025-66478\",\"RCE\",\"React\"],\"articleSection\":[\"Blog\",\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/\",\"name\":\"React\\\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\\\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/Critical.png\",\"datePublished\":\"2025-12-04T07:25:36+00:00\",\"dateModified\":\"2026-04-17T18:07:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/Critical.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/Critical.png\",\"width\":169,\"height\":107,\"caption\":\"Critical alert icon with shield symbol.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"React\\\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\\\/CVE-2025-66478) Notice and Handling Manual\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"NSFOCUS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"NSFOCUS\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/","og_locale":"pt_BR","og_type":"article","og_title":"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS","og_description":"Overview Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of","og_url":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/","og_site_name":"NSFOCUS","article_published_time":"2025-12-04T07:25:36+00:00","article_modified_time":"2026-04-17T18:07:34+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS","twitter_description":"Overview Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png","twitter_misc":{"Escrito por":"NSFOCUS","Est. tempo de leitura":"5 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual","datePublished":"2025-12-04T07:25:36+00:00","dateModified":"2026-04-17T18:07:34+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/"},"wordCount":1216,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png","keywords":["CVE-2025-55182","CVE-2025-66478","RCE","React"],"articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/","url":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/","name":"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png","datePublished":"2025-12-04T07:25:36+00:00","dateModified":"2026-04-17T18:07:34+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/04\/Critical.png","width":169,"height":107,"caption":"Critical alert icon with shield symbol."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/react-next-js-remote-code-execution-vulnerability-cve-2025-55182-cve-2025-66478-notice\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"React\/Next.js Remote Code Execution Vulnerability (CVE-2025-55182\/CVE-2025-66478) Notice and Handling Manual"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/34868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=34868"}],"version-history":[{"count":1,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/34868\/revisions"}],"predecessor-version":[{"id":35566,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/34868\/revisions\/35566"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/28664"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=34868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=34868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=34868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}